SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 76

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 77

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Automated update-Scrapy V0.1 Fixing Navigation links Automatic Nagivation Script

...

Code Block
bgColor#ccccff
// ...
String dir = null;

int number = Integer.parseInt(System.getproperty("dir")); // only allow integer choices
switch(number) {
  case 1: 
    dir = "data1"
    break; // Option 1
  case 2: 
    dir = "data2"
    break; // Option 2
  default: // invalid
    break; 
}
if (dir == null) {
  // handle error

}

This compliant solution hard codes the directories that may be listed.

...

Wiki Markup
\[[Chess 2007|AA. Bibliography#Chess 07]\] Chapter 5: Handling Input, "Command Injection"
\[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE ID 78|http://cwe.mitre.org/data/definitions/78.html] "Failure to Preserve OS Command Structure (aka 'OS Command Injection')"
\[[OWASP 2005|AA. Bibliography#OWASP 05]\] [Reviewing Code for OS Injection|http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection]
\[[Permissions 2008|AA. Bibliography#Permissions 08]\] [Permissions in the Java™ SE 6 Development Kit (JDK)|http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008)

...

IDS03IDS05-J. Sanitize non-character code points before performing other sanitizationDo not log unsanitized user input            IDS13-J. Do not assume every character in a string is the same size